Incorrect Authorization in GitLab_CVE-2026-11379

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.

Basic Information

ID CVE-2026-11379

Source GitLab

Published Jun 25, 2026 at 04:33

Affected Product

Vendor GitLab

Product GitLab

Version 13.11

Affected Versions GitLab GitLab 13.11
GitLab GitLab 19.0
GitLab GitLab 19.1

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under certain conditions.",
    "published": "2026-06-25T04:33:49.041Z",
    "modified": "2026-06-25T04:33:49.041Z",
    "type": "cve",
    "title": "Incorrect Authorization in GitLab",
    "source": "GitLab",
    "references": "https://gitlab.com/gitlab-org/gitlab/-/work_items/517659\nhttps://docs.gitlab.com/releases/patches/patch-release-gitlab-19-1-1-released/",
    "id": "CVE-2026-11379",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "GitLab GitLab 13.11\nGitLab GitLab 19.0\nGitLab GitLab 19.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GitLab",
    "version": "13.11",
    "vendor": "GitLab",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}